uniform guidance: internal control - ed guidance: internal control ... high unit costs ... systems...
TRANSCRIPT
Uniform Guidance: Internal Control
U.S. Department of Education
OCFO/Financial Improvement Operations
Uniform Guidance Goals and Key Take-Aways
Internal Control
2 C.F.R. 200.303 Internal Controls are elevated as an accountability measure
Understanding Key Internal Control Elements
Maintain effective internal controls to provide reasonable assurance
Standards for Internal Control in the Federal Government
Key areas of emphasis: Allowability, Monitoring, Functions/Operations
Internal Control Tool-kit
OCFO/Financial Improvement Operations
Internal Control: Reasonable Assurance
Internal Controls give reasonable assurance that the
organization will achieve its objectives through
Effective and efficient operations
Reliable reporting
Compliance with applicable laws and regulations
OCFO/Financial Improvement Operations
Internal Control: Through and Through
Five components of
Internal controls
OCFO/Financial Improvement Operations
Defining Internal Control Those processes by which you assure objectives are achieved
efficiently, effectively, and with reliable, compliant reporting:
A Control Environment that sets the tone for the organization.
A Risk Assessment process that involves the identification and analysis of
relevant risks.
Control Activities that include the policies and procedures that help ensure
management directives are carried out and documented.
Information and Communication systems or processes that support the
exchange of information.
Monitoring processes used to assess the quality of internal control
performance over time.
OCFO/Financial Improvement Operations
Internal Control: Crucial Accountability
The elevated the role of internal control:
Creates a transparent system of accountability for decision
making around federal funds.
This system of accountability applies equally to Federal Agencies,
grantees, and sub-recipients.
While internal controls are not new to the financial world
They may be new to folks working on program implementation.
OCFO/Financial Improvement Operations
How It Works: Financial Management
Assessable units/functions must be able to:
Identify all Federal award inflows and outflows
Produce financial and performance results of each
award/program
Maintain records showing the source and use of funds
Compare actual expenses with budgeted expenses
Document allowability procedures
Control Environment
Type of Control Definition Examples Tone at the Top Demonstrate a commitment to the organization’s integrity and ethical values. Directives
Tone at the Top Demonstrate a commitment to the organization’s integrity and ethical values. Policies
Tone at the Top Demonstrate a commitment to the organization’s integrity and ethical values. Lead by example
Oversight Oversight Body who oversees management’s design, implementation, and operation of the organization’s internal control system. Board of Directors
Oversight Oversight Body who oversees management’s design, implementation, and operation of the organization’s internal control system. Management Team
Oversight Oversight Body who oversees management’s design, implementation, and operation of the organization’s internal control system. Chief State School Officer
Commitment to Competence Management establishes expectations of competence on recruiting, developing, and retaining personnel. Position Descriptions
Commitment to Competence
Management establishes expectations of competence on recruiting, developing, and retaining personnel. Position Descriptions
Commitment to Competence Management establishes expectations of competence on recruiting, developing, and retaining personnel. Required skills and certifications
Accountability Personnel’s responsibilities. Day-to-day decision making
Accountability Personnel’s responsibilities. Roles and responsibilities
Accountability Personnel’s responsibilities. Lines of Authority
Risk Assessment
OCFO/Financial Improvement Operations
Risk Assessment
Internal Controls – Examples of Risk Considerations
Complexity of the process
Level of manual intervention
Fraud risk
Management override
Non-routine transactions
Management by a third party;
History of audit issues
Changes in laws/regulations
Human capital management
Control Activities
Type of Control Definition Examples
Preventive Control that helps management to avoid issues before they occur. Training
Preventive Control that helps management to avoid issues before they occur. Review and Approval Process
Preventive Control that helps management to avoid issues before they occur. Segregation of Duties
Detective Control that discover issues after they occur. Reconciliation
Detective Control that discover issues after they occur. Trace Transaction to Source Document
Detective Control that discover issues after they occur. Monitor Actual vs. Budget
General (IT) Policies and procedures that apply to all or a large portion of an organization’s IT systems. Security Management
General (IT) Policies and procedures that apply to all or a large portion of an organization’s IT systems. Logical and Physical Access
General (IT) Policies and procedures that apply to all or a large portion of an organization’s IT systems. Configuration Management
Application (IT) Control that is incorporated into computer applications to ensure data accuracy and integrity. Edit Checks for Input Data
Application (IT) Control that is incorporated into computer applications to ensure data accuracy and integrity. Interface
Application (IT) Control that is incorporated into computer applications to ensure data accuracy and integrity. Data Management System Control
Information and Communication
Management communicates relevant and timely information to support the internal control system
Factor Description
Audience • The targeted recipients of the information anticipated to be delivered.
Nature of Information • The type of information being communicated.
Availability • The accessibility of information to the audience.
Cost • The amount of resources needed to communicate the information.
Monitoring
Management performs evaluations to ensure the design and operation of controls are efficient and effective
Common Terminology Description/Examples
Ongoing Monitoring •Day-to-day management oversight
Ongoing Monitoring •Regular comparisons and reviews (leverage automated tools)
Separate Evaluations •Internal/external audits
Separate Evaluations •Periodic self-assessments based on risk (control testing and evaluation)
Control Deficiency •A potential or actual internal control issue or an opportunity to strengthen the organization’s internal control system.
Corrective Action •Action item planned by management to remediate identified internal control deficiencies in a specific time frame.
OCFO/Financial Improvement Operations
Where Do Internal Controls Live?
Specific functions/processes
Payments/cash management
Compensation/personnel expenses
Procurement
Property management
Financial monitoring
Subrecipient monitoring
OCFO/Financial Improvement Operations
Determining Allowability
Basic standards for allowability remain the haven’t changed:
Necessary, reasonable, allocable, and documented
The documentation tells the story
Reconstruct the story of a particular use of funds then clear determination is possible.
The more difficult it is to reconstruct the story, the more you will have to rely on other mechanisms to ensure proper use of funds.
Factors Affecting Allowability
2 CFR §200.403
Generally a
cost is
reasonable if
it is:
Reasonable in its nature, and does not exceed that
which would be spent by a “prudent person”
Necessary for the performance of the Federal
Award
Conforms to limitations/exclusions in the law or the
Uniform Guidance
Comparable to market prices for the geographic
area
Factors Affecting Allowability
2 CFR §200.403
Generally a
cost is
reasonable if
it is:
Treated consistently as a direct, rather than indirect,
charge
Accounted for in accordance with Generally
Accepted Accounting Principles
Consistent with State/local procurement rules
Not included as a cost or used to meet cost sharing
or matching requirements
Adequately documented
Reasonable
2 CFR §200.404
In determining
reasonableness
you must
consider:
Whether the cost is of a type generally recognized
as ordinary and necessary for the award
Market prices for comparable goods or services for
the geographic area
Whether Individual acted with prudence in the
circumstance
The degree to which the entity follows established
practices and policies regarding the incurrence of
costs
Allocable
2 CFR § 200.405
In determining
allocability you
must consider
whether:
It can be assigned to a particular cost objective
Purchased for a particular award
Necessary to implement the objectives of the grant
The item of cost proportionally benefits two or more
projects or activities, that cost should be allocated to
the projects based on the benefit received
OCFO/Financial Improvement Operations
Discussion Time! Given a Function…
Accounting
Payment System
Property
Standards/System
Procurement
Standards/System,
System for Monitoring
and Reporting Program
Performance
Make an argument for why your function is most
important to the efficiency and effectiveness of a grantee
Mitigating Strategies
Additional control activities put in place to
mitigate risk presented
Those additional controls are called
compensating controls.
Compensating controls are a type of control
used to discover, prevent, and or mitigate
mistakes.
OCFO/Financial Improvement Operations
Examples of Compensating Controls
Segregation of duties :
One employee responsible for ensuring allowability based either
on program law or uniform guidance,
One person to do the accounting portion of the job, and
One person responsible for signing the checks.
Segregation of duties can be difficult for businesses with small
staffs. Compensating controls, in this case, may include
maintaining and reviewing decision making logs and
supporting documentation.
OCFO/Financial Improvement Operations
How to Identify Opportunities for TA
Program Performance Reporting
Compare accomplishments to objectives for time period
Quantified where applicable
With trend analysis, if available
If objectives were not met, the reasons why
Other pertinent information, e.g., Cost overruns, High unit costs
Site-Visits
OCFO/Financial Improvement Operations
Sources of Data to Inquire About Internal
Control
Program Reporting – Fiscal Monitoring
Examine source data
Information in the Department’s G5 Grant System
Expenditure Reports
Budget Submission
Other Financial Reports
Single State Audits
Source Documents
OCFO/Financial Improvement Operations
Systems to Inquire About Internal Control
Record Retention and Access
Retain for three years after submission of final expense report:
Financial records
Supporting documents
Statistical records
Other grantee records
Access should be timely and reasonable
OCFO/Financial Improvement Operations
Systems to Inquire About Internal Control
Sub-recipient Monitoring
Grantees must monitor the activities of
Contractors
Vendors
Sub-recipients
OCFO/Financial Improvement Operations
Systems to Inquire About Internal Control
Sub-recipient Monitoring
Grantees must evaluate the risk of sub-recipient activities,
especially considering
Prior experience with similar sub-awards
Results of audits
New or substantially changed systems of the sub-recipient
Imposition of specific sub-award conditions may be
warranted
OCFO/Financial Improvement Operations
Systems to Inquire About Internal Control
Sub-recipient Monitoring
Grantees must monitor the performance of subrecipients
Review of financial and programmatic reports
Follow-up to ensure identified deficiencies/findings are remediated
Issue determinations related to audit findings
Grantees should offer training and assistance to subrecipients
where needed
Time and Effort: Flexible and Accountable
Internal Controls Poster Child
New flexibility: “system of internal control” for documenting personnel compensation:
Requirements for personnel compensation are found at 2 CFR 200.430-431
Alternative accounting processes are allowable for sampling in-time distribution reporting
Federal agencies may approve alternative accounting methods for blended funds
OCFO/Financial Improvement Operations
Walk-thru of Tool-kit
The toolkit includes:
A glossary of terms, common language, associated with the internal controls
field.
A “quick check” document that can facilitate an initial self-assessment.
A second tier self-assessment to hone in on problematic areas.
An example of a procurement flow chart which includes a series of questions
you might ask yourself in assessing a aspects of an example procurement
process. These questions are illustrative of the type of analysis you should
conduct. In determining the allowability of expenditures involving Federal funds.
Template to use as a starting point in documenting the organization’s internal
control system.
OCFO/Financial Improvement Operations
Tool Kit: Glossary
OCFO/Financial Improvement Operations
Tool Kit: Manager’s Quick Check
OCFO/Financial Improvement Operations
Tool Kit: Self Assessment (6 pages)
OCFO/Financial Improvement Operations
Tool Kit: Process Map with Questions
OCFO/Financial Improvement Operations
Tool Kit: Control Environment Questions
OCFO/Financial Improvement Operations
Tool Kit: Risk Assessment Questions
OCFO/Financial Improvement Operations
Tool Kit: Control Activities Questions
OCFO/Financial Improvement Operations
Tool Kit: Information Questions
OCFO/Financial Improvement Operations
Tool Kit: Monitoring Questions
OCFO/Financial Improvement Operations
Tool Kit: Process Map sample
OCFO/Financial Improvement Operations
Tool Kit: Internal Control Guidance
OCFO/Financial Improvement Operations
Tool Kit: Assessible Unit Process Form
Resources
Your Department program officer
The Department’s one-stop shop for information: Uniform Guidance Technical Assistance for ED Grantees
Includes links to COFAR, OMB and EDGAR
Includes FAQs
Includes specific crosswalks between Parts 74 and 80 of EDGAR and the Uniform Guidance
Email questions to: [email protected]